Jump to content

Ekrn.exe UDP Port Usage?


Recommended Posts

I just noticed that ekrn.exe has this UDP port continuously allocated? It doesn't appear to be listening on that port. I don't know any reason why it would allocate a port in this fashion?

 

post-6784-0-98122500-1468529501_thumb.png

Link to comment
Share on other sites

That UDP connection is gone today. Strange .........

 

Yesterday, I rebooted after I posted and connection wasn't initially there but later reappeared. Again I know of no reason why ekrn.exe should be permanently allocating a UDP port.

 

-EDIT- I will also add that in addition to the TCPView screen I posted noting the ekrn.exe UDP connection, I also verified through additional means. First, I used Eset's network connections tool that strangely did not show the ekrn.exe connection? Then, I executed netstat from the command prompt which indeed verified the ekrn.exe UDP port allocation.

Edited by itman
Link to comment
Share on other sites

Ok, something definitely is not right here.

 

I created a firewall rule to specifically monitor and block and Eset UDP traffic. Coming out of stand-by mode, I get an alert from ekrn.exe trying to establish a DNS connection to my DNS provider, VeriSign. It did appear this was related to auto Eset update activity since I also received an alert from the Eset firewall on TCP inbound activity from an Eset update server URL. Note that this was not a statefull connection since the firewall would have allowed it. 

 

I need an explanation on why Eset is performing DNS resolution which should only be performed by svchost.exe.

 

post-6784-0-45618600-1468623710_thumb.png

 

 

Link to comment
Share on other sites

Mystery solved.

 

Appears Eset pre-allocates a source UPD port for ekrn.exe DNS use. A bit unconventional since I have never seen any other app or security software ever do so, but acceptable.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...